Hacker News new | past | comments | ask | show | jobs | submit login

fail2ban is one the most under appreciated tools on small to medium Unix servers. I was first introduced to it when administering some web facing Asterisk servers (FreePBX) and was quickly impressed with its effectiveness/simplicity.

However, one of the issues I ran into was that people in the field were really frustrated by it on a day to day basis. They were accidentally getting themselves banned, and instead of unbanning themselves they would just turn fail2ban off all together. Some people didn't feel comfortable using fail2ban-client and others just felt like it took to much time.

And so fail2web was born! Fail2web gives you basic fail2ban administration abilities. You can manage bannedIPs, fail regexes and a few other per jail settings, with a lot more stuff planned in the future.

While building this I also ended up building a Go library that abstract aways fail2ban communication (https://github.com/Sean-Der/fail2go) which is used by the REST server that powers fail2web (https://github.com/Sean-Der/fail2rest). The fail2rest server could also be used for other cool projects, I am in the process of using it to distribute bans across multiple servers and using it for health checks.

The tech stack for this project also was a lot of fun using. For this project I am communicating with a long running Python process that exposes information via a socket that gives pickled output so I used the awesome library (https://github.com/kisielk/og-rek) I also had a lot of fun building the frontend in angularjs, angular-ui with browserify. In the end I was happy with all the tools I picked.


Thanks for making it. I'd like to give it a try some time. I certainly share your feeling about the awesomeness of fail2ban, as well as the slight awkwardness of interacting with it (I tried a couple of things with the client, but it felt rather awkward somehow. I'm not entirely sure why).

As a developer, the stack you're describing sounds great. As a sysadmin / devops, I'd be a little careful installing something with this level of component complexity on top of fail2ban. Ideally you'd want something very lean with as few moving parts as possible. (after all, if something goes wrong, you can end up locking yourself or your server).

I defiantly hear your concern about there being lots of moving parts. I thought about having one monolithic platform that you could drop and run to help deployment ease. But after spending some time with Kibana and Elastic Search lately I was really inspired by having things decoupled, once you have that flexibility you can do lots of cool things.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact